
That's an interesting idea... instead of storing the bearer tokens associated with your internally-pointing ocaps (held by external users), salt and hash them. That way if your server is compromised the ocaps that other people hold to you internally can still be valid.

groups.google.com/d/msg/cap-ta


The ocaps *you* hold to *external* servers however... well... those will still be hosed. But it doesn't look like that can be solved without a certificate-style ocap approach, which doesn't work in the case of simple-linkable-ocaps like we need for protocols like ActivityPub.

@cwebber I mean they're basically passwords so it makes sense to treat them the same way you'd store passwords right?

@aaronpk Yep, it's obvious once proposed, just somehow I had never thought of it :)

@cwebber I feel like we should have a chat about this and turn it into a podcast/video or something. We come from different backgrounds on this front but I feel like we share a lot of the same goals.
Octodon